@memory_read()
def wrap_mem_read(env):
    """Probe body registered through memory_read(); it only announces itself."""
    print "Calling wrap_mem_read()"


@memory_write(memory_size == 1)
def wrap_mem_write(env):
    """Probe body registered through memory_write().

    The decorator argument is a DSL condition object (presumably restricting
    the probe to one-byte writes -- confirm against the probe module).
    """
    print "Calling wrap_mem_write()"


@function_exit((process_id == 20) & (function_name == "malloc"))
def wrap_function_exit2(env):
    """Probe body registered through function_exit().

    Conditioned with the DSL conjunction `&` on pid 20 and the function
    name "malloc".
    """
    print "Calling wrap_function_exit2()"


show_probes()


def _dispatch(evt):
    """Announce *evt* on stdout, then hand it to run_probes() with no extra context."""
    print "[*] Dispatching event %s" % evt
    run_probes(evt, None)


# Sample events are built one at a time so construction order matches
# dispatch order; `e` is left bound to the last event, as before.
e = event.function_entry(pid=20, tid=15, inst=0xbadbabe, stack=0xdeadbeef, funcaddr=0xcafebabe)
_dispatch(e)
e = event.syscall_entry(pid=20, tid=15, inst=0xbadbabe, stack=0xdeadbeef, sysno=18)
_dispatch(e)
if __name__ == "__main__":
    # Self-test for the condition DSL: build a composite condition, render it
    # as a filter, then actualize it against sample events.  The body of this
    # block continues past the end of this chunk.
    import event
    symbol.init("")
    # `&` binds tighter than `|`, so this reads as
    # pid == 20 | (tid >= 50 & name == "emacs") | sysno == 2 | sysname == "open".
    v = (process_id == 20) | (thread_id >= 50) & (process_name == "emacs") | (
        syscall_num == 2) | (syscall_name == "open")
    print "[*] Condition:", v
    print "[*] Filter:", v.generateFilter([])
    #### sample event with pid 20 -- expected to satisfy the first clause
    e = event.function_entry(pid=20, tid=76, module=None, inst=None, stack=None, callee=None)
    print "[*] Event:", e
    a = v.actualize(e, None)
    # NOTE(review): eval() executes the text actualize() produced.  That is
    # tolerable here only because the event is constructed locally in this
    # self-test; event data from an untrusted source must never reach eval().
    print "[*] Actualize:", a, "=>", eval(a)
    #### sample event with pid 18 -- presumably the non-matching case; confirm
    e = event.function_entry(pid=18, tid=15, module=None, inst=None, stack=None, callee=None)
@syscall_entry(syscall_name >> ["open", "close"])
def wrap_syscall_entry(env):
    """Probe body registered through syscall_entry().

    `>>` appears to be the DSL's membership operator (name in the given
    list) -- confirm against the probe module.
    """
    print "Calling wrap_syscall_entry()"


@syscall_exit()
def wrap_syscall_exit(env):
    """Unconditioned probe body registered through syscall_exit()."""
    print "Calling wrap_syscall_exit()"


@memory_read()
def wrap_mem_read(env):
    """Unconditioned probe body registered through memory_read()."""
    print "Calling wrap_mem_read()"


@memory_write(memory_size == 1)
def wrap_mem_write(env):
    """Probe body registered through memory_write(), conditioned on
    `memory_size == 1` (a DSL condition object)."""
    print "Calling wrap_mem_write()"


@function_exit((process_id == 20) & (function_name == "malloc"))
def wrap_function_exit2(env):
    """Probe body registered through function_exit(), conditioned with the
    DSL conjunction `&` on pid 20 and function name "malloc"."""
    print "Calling wrap_function_exit2()"


show_probes()


def _dispatch(evt):
    """Announce *evt* on stdout, then hand it to run_probes() with no extra context."""
    print "[*] Dispatching event %s" % evt
    run_probes(evt, None)


# Sample events are built one at a time so construction order matches
# dispatch order; `e` is left bound to the last event, as before.
e = event.function_entry(pid=20, tid=15, inst=0xbadbabe, stack=0xdeadbeef, funcaddr=0xcafebabe)
_dispatch(e)
e = event.syscall_entry(pid=20, tid=15, inst=0xbadbabe, stack=0xdeadbeef, sysno=18)
_dispatch(e)
# Rebind the DSL operand classes to instances so plain names can appear in
# conditions (e.g. `syscall_num == 2` below).  The run of such rebindings
# starts before this chunk.
memory_value = memory_value()
syscall_num = syscall_num()
syscall_name = syscall_name()

if __name__ == "__main__":
    # Self-test for the condition DSL: build a composite condition, render it
    # as a filter, then actualize it against sample events.  The body of this
    # block continues past the end of this chunk.
    import event
    symbol.init("")
    # `&` binds tighter than `|`, so this reads as
    # pid == 20 | (tid >= 50 & name == "emacs") | sysno == 2 | sysname == "open".
    v = (process_id == 20) | (thread_id >= 50) & (process_name == "emacs") | (syscall_num == 2) | (syscall_name == "open")
    print "[*] Condition:", v
    print "[*] Filter:", v.generateFilter([])
    #### sample event with pid 20 -- expected to satisfy the first clause
    e = event.function_entry(pid = 20, tid = 76, module = None, inst = None, stack = None, callee = None)
    print "[*] Event:", e
    a = v.actualize(e, None)
    # NOTE(review): eval() executes the text actualize() produced.  That is
    # tolerable here only because the event is constructed locally in this
    # self-test; event data from an untrusted source must never reach eval().
    print "[*] Actualize:", a, "=>", eval(a)
    #### sample event with pid 18 -- presumably the non-matching case; confirm
    e = event.function_entry(pid = 18, tid = 15, module = None, inst = None, stack = None, callee = None)
    print "[*] Event:", e
    a = v.actualize(e, None)
    # Same eval() caveat as above.
    print "[*] Actualize:", a, "=>", eval(a)
    ####